3750 Rate Limiting Not Working

Answered Question
May 19th, 2008

Have a network laid out like this:

3750
| (Trunk)
Dell Powerconnect
| (Access)
Server

The Powerconnect switch has 18 VLANs on it. The server in question is connected to a switchport on the Powerconnect set up as an access port with VLAN assignment. The uplink from the Powerconnect to the 3750 is a trunk. My goal is to rate limit the bandwidth coming from the server going out to the internet (connected to a L3 port on the 3750). From my reading, a service policy should have been able to handle this (I also read that it didn't work on egress interfaces). As such I set up an ACL:


ip access-list extended Rate_Limiter_ACL
 permit ip host x.x.x.22 any

Set up a class map:

class-map match-all Rate_Limiter_Map
 match access-group Rate_Limiter_ACL

Created a policy map to rate-limit (police):

policy-map Rate_Limited_Policy
 class Rate_Limiter_Map
  police 2400000 65536 exceed-action drop


Applied service-policy to the TRUNK interface connecting to the powerconnect as the outbound traffic from the server should be ingress to the trunk interface on the 3750.


interface GigabitEthernet1/0/20
 service-policy input Rate_Limiter_Map

Problem is, the rate is not limited; it oftentimes spikes to 7+ Mbps.


Am I misunderstanding the way policing works? Is something configured wrong?


I tried switching the access-list's source and destination and that did not help either.


sho policy-map int g1/0/20 shows the policy and class applied to the interface but nothing is getting matched, not even in the "class-default". Does a class-default have to be configured even if it is for all other traffic for the policy map to work?


Any help is appreciated.

Edison Ortiz Mon, 05/19/2008 - 16:30

policy-map Rate_Limited_Policy
 class Rate_Limiter_Map
  police 2400000 65536 exceed-action drop


....


Problem is, rate is not limited often times spikes to 7+ Mbps.


Your policed policy is set to 2.4Gbps which you aren't violating at 7Mbps, unless I'm missing something...


__


Edison.

caplinktech Tue, 05/20/2008 - 05:57

Cisco IOS "help" indicates the speed should be in bps, not kbps, so the speed set should be 2.4 Mbps, unless you are trying to indicate that the "help" is incorrect. However, a quick search for some examples all show the speed set in bps as well, so I don't think that is the issue.


See below:



myhost(config-pmap-c)#polic ?
  <8000-1000000000>  Bits per second
  aggregate          Choose aggregate policer for current class



Edison Ortiz Tue, 05/20/2008 - 06:14

My mistake, you are correct.


Can you provide the output from typing


show policy-map interface


__


Edison.

Correct Answer
vman1976nj Tue, 05/20/2008 - 07:11

Do you have QoS enabled with the

mls qos

statement? Your config looks correct and similar to one I've used.

caplinktech Tue, 05/20/2008 - 07:43

Well I thought that might have been it because I did forget to enable it.


However, sho policy-map int still showing all zeroes. At the same time traffic hasn't spiked on the interface in question, but it has only been 10 minutes of monitoring, but I will update the thread in an hour or so after reviewing the traffic.


I still have my doubts however, as like I said the service-policy is not catching any packets and I thought the class-default should catch everything not part of the access-list.

Amit Singh Tue, 05/20/2008 - 09:35

You are using a wrong policy map on the interface.


Check this :


interface GigabitEthernet1/0/20
 service-policy input Rate_Limiter_Map <---- This is the class-map that you have defined.

Policy map that you have defined is ----->

policy-map Rate_Limited_Policy
 class Rate_Limiter_Map

The config should be:

interface GigabitEthernet1/0/20
 service-policy input Rate_Limited_Policy


HTH, Please rate if it does.


-amit singh

caplinktech Tue, 05/20/2008 - 10:40

Hi Amit,


Nice catch, however, all the names correctly match in the actual config. I simply made an error when copying over names for the post.


I think forgetting to enable QoS was the issue, as it appears to be properly rate-limiting now. I would still be curious about any insight as to why, despite it correctly limiting, "sho policy-map int" is not showing any stats.

andrew.butterworth Tue, 05/20/2008 - 12:49

This is a known (and well documented) 'feature' of the standalone Catalysts (2960, 3560 & 3750) whereby none of the policy counters work. The best you are going to get is 'show mls qos interface statistics' - there is an 'in policy' and 'out policy' counter per interface.

It is very annoying not having this command though...


Andy

caplinktech Tue, 05/20/2008 - 13:15

Nice feature, did I have to pay extra for that or was it standard equipment :-)?
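
Added example, not part of any post in this thread: a small Python lint that checks a configuration snippet for the three points raised above (global `mls qos` missing, `service-policy` naming a class-map instead of a policy-map, and the `police` rate read in bps). The function name `lint_qos` and the address 192.0.2.22 are assumptions made for illustration.

```python
import re

# Constructed sample: the configuration as posted in the thread.
# 192.0.2.22 is a documentation address standing in for the masked host.
POSTED = """\
ip access-list extended Rate_Limiter_ACL
 permit ip host 192.0.2.22 any
class-map match-all Rate_Limiter_Map
 match access-group Rate_Limiter_ACL
policy-map Rate_Limited_Policy
 class Rate_Limiter_Map
  police 2400000 65536 exceed-action drop
interface GigabitEthernet1/0/20
 service-policy input Rate_Limiter_Map
"""

def lint_qos(config):
    """Return (findings, policer rates in Mbps) for an IOS config snippet."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    class_maps = {l.split()[-1] for l in lines if l.startswith("class-map ")}
    policy_maps = {l.split()[-1] for l in lines if l.startswith("policy-map ")}
    findings, rates, iface = [], [], None
    # Per the thread, policing only took effect once a bare "mls qos" was configured.
    if "mls qos" not in lines:
        findings.append("global 'mls qos' is missing")
    for l in lines:
        if m := re.match(r"interface (\S+)$", l):
            iface = m.group(1)
        elif m := re.match(r"service-policy (?:input|output) (\S+)$", l):
            name = m.group(1)
            if name not in policy_maps:
                kind = "a class-map" if name in class_maps else "undefined"
                findings.append(f"{iface}: service-policy names {name}, which is {kind}")
        elif m := re.match(r"police (\d+) (\d+)", l):
            bps = int(m.group(1))
            # Range taken from the IOS help output quoted in the thread.
            if not 8000 <= bps <= 1_000_000_000:
                findings.append(f"police rate {bps} bps is out of range")
            rates.append(bps / 1_000_000)
    return findings, rates

if __name__ == "__main__":
    fixed = "mls qos\n" + POSTED.replace(
        "input Rate_Limiter_Map", "input Rate_Limited_Policy")
    for label, cfg in (("posted", POSTED), ("fixed", fixed)):
        print(label, lint_qos(cfg))
```
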
